(USA TODAY) - Twitter plugged a security vulnerability in its popular TweetDeck application Wednesday, after disabling the system for over an hour earlier in the day to fix it.
People logged into the service during the breach got odd pop-up messages. Their systems also randomly re-tweeted messages containing potentially malicious computer code scripts.
When the site was taken down, TweetDeck tweeted, "We've temporarily taken TweetDeck services down to assess today's earlier security issue. We'll update when services are back up."
A Twitter spokesman declined to comment.
Earlier in the day Twitter had pushed out a code fix that was supposed to close the security hole. That first fix didn't work.
At that point, the company tweeted out "A security issue that affected TweetDeck this morning has been fixed. Please log out of TweetDeck and log back in to fully apply the fix."
Less than an hour later, the site was taken down.
TweetDeck is a free download for desktop computers, iPhones, Google's Android devices and the Google Chrome browser. The software allows users to organize their Twitter streams and offers a more user friendly view of Twitter feeds.
The vulnerability allowed attackers to place computer code in a tweet. Once the tweet appeared inside TweetDeck, the code could run actions and be re-tweeted to other accounts, further propagating the problem.
"Tweetdeck appears to have jumped on this issue and patched it, but we're still seeing it spread like wildfire through Twitter," said Trey Ford, a security expert atRapid7, a security firm based in Boston.
"This vulnerability very specifically renders a tweet as code in the browser, allowing various cross site scripting (XSS) attacks to be run by simply viewing a tweet. The current attack we're seeing is a "worm" that self-replicates by creating malicious tweets," he said.
It was originally reported that the vulnerability only affected the app's desktop program and only when it was run on Google's Chrome browser. However users on other platforms, including Internet Explorer 9, are also reporting getting hacked
According to the website Verge, users reported getting random pop-up windows containing messages such as "Yo!" or "Please close now TweetDeck [sic], it is not safe."
Twitter bought TweetDeck in 2011 for about $40 million.
Released in 2008, it was the first third-party Twitter application to catch on with Twitter users.